Description
This article describes how to synchronize FortiToken Cloud status in FortiAuthenticator.
Scope
FortiAuthenticator, FortiToken Cloud.
Solution
FortiAuthenticator is an identity and access management (IAM) appliance and acts as a central authentication server in Fortinet environments.
Main roles:
- Authentication server.
- Provides RADIUS, LDAP, SAML IdP, OAuth/OpenID Connect, and certificate-based authentication.
- Let's enforce MFA (FortiToken Cloud, FortiToken Mobile, mobile push, SMS/email OTP).
FortiAuthenticator dashboard provides system information, user inventory, system resources, license information...
- License information can sometimes show that FortiToken Cloud status is 'Users-out-of-sync'.
-
Selecting the 'information' sign will show us which users are out of sync with FortiToken Cloud.
Make sure that this user does not exist in FortiAuthenticator, either under Local or Remote users, and that no FortiToken Cloud token is assigned to them.
It is possible that the token was manually removed by an administrator or the user account was deleted from FortiAuthenticator, but the change was not properly synchronized with the FortiToken Cloud portal.
To verify this, review the logs on FortiAuthenticator by navigating to: Logging → Log Access → Logs.
-
Additionally, verify whether the user exists in FortiToken Cloud.
-
Select 'Apply Changes' from Step 2, and a new confirmation dialog will be prompted to synchronize users with the FortiToken Cloud service.
-
Applying changes shows successful synchronization in FortiAuthenticator.
-
Status on the FortiAuthenticator side will change to synced.
Note: FortiToken Cloud is rebranded as FortiIdentity Cloud.
The portal URL for both North America and Europe will continue to work and will automatically redirect to the new URL.
The following are the new portal URLs:
- North America: ftc.fortinet.com will change to fic.fortinet.com
- Europe: euftc.fortinet.com will change to eufic.fortinet.com
